Identity and access security issues are increasingly top of mind for companies. According to a recent Verizon survey, 61% of all breaches now involve credentials — whether they be stolen via social engineering or hacked using brute force. It’s frustrating for users, too; a NordPass poll found that eight out of 10 people find password management difficult.
Looking to solve some of the challenges around authentication, Keith Graham and Stephen Cox co-founded Strivacity, a startup that allows companies to create secure business-to-business and business-to-consumer sign-in experiences.
In a sign that investors believe in the vision (or at least the business proposition), Strivacity today closed a $20 million Series A-2 round led by SignalFire with participation from Ten Eleven Ventures, Mandiant founder Kevin Mandia, and Tenable co-founder Jack Huffard. The fresh cash brings Strivacity’s total raised to $28 million, which Graham, Strivacity’s CEO, says is being put toward product R&D, various go-to-market initiatives and customer support.
“Given the response from the market, it made sense to add this investment now so we can scale up to meet the demand we’re seeing,” Graham told TechCrunch in an email interview.
In their previous roles at Mandiant and SecureAuth, Graham and Cox say they saw an aggravating story replaying itself over and over. Identity authentication platforms would take months to roll out their solutions for enterprises, resulting in a poor customer experience and costly post-deployment maintenance.
“It was time for a plot twist. Cox and I saw an opportunity to create a low-code solution that’s completely focused on creating simple and secure customer sign-in journeys, built on a modern cloud-native architecture,” Graham said.
With Strivacity’s platform, users get access to a dashboard with radio buttons and drop-down menus they can use to create sign-in flows. Strivacity handles aspects like consent management, identity verification and branding. And because it’s hosted on a scalable cloud, it can ramp up to match spikes in customer login activity for up to hundreds of millions of monthly active users, Graham claims.
Strivacity’s dashboard. Image Credits: Strivacity
To prevent bots from logging in and stealing data, Strivacity makes use of AI and machine learning models. The models look at customer behavior and usage patterns to attempt to identify “bad” or “unusual” activity based on each user’s history. When something anomalous happens, additional security steps are triggered to protect a user’s account from being hijacked.
Graham highlighted a few privacy-centric features of the Strivacity platform, like a tool that allows logged-in customers to easily delete their data themselves. Strivacity also lets companies deploy fully isolated customer instances in the country of their choice, helping them meet data residency and sovereignty requirements.
“The battle over the customer login box is invariably an arm wrestling match between security and marketing — or whoever owns the customer experience,” Graham said. “We reduce the risk of accounts getting hijacked and the associated fraud and reputational damage by making it easy for security teams to deploy modern security features without adding friction to the customer sign-in experience.”
Exhaustiveness of its product aside, Stravacity competes in a crowded market — one that has VCs investing with gusto. In 2021, VC firms poured $3.2 billion into the identity management space, about 2.5x the amount of investment from 2020’s $1.3 billion.
It’s likely attributable to the high rate of adoption for identity solutions. In a March 2021 survey by Ping Identity, 64% of U.S.-based companies said that they invested in new identity security capabilities while 79% of executives expected those investments to increase within the next 12 months.
Graham sees Strivacity’s main competitors being ForgeRock and Ping Identity — both of which were recently snatched up by private equity firm Thoma Bravo — and Okta via the products it acquired in its acquisition of Auth0 last year. Other rivals include ConductorOne, Saviynt and Axiom, which collectively have raised hundreds of millions of dollars in capital.
To stay one step ahead, Strivacity’s adding new features, including document-based verification and support for companies with multiple subsidiaries and divisions, Graham said. Growing its customer base is a prime focus; current clients are relatively few but include the online university Southern New Hampshire University and the casino chain Mohegan. (I asked about revenue, but Graham declined to give a figure.)
“The pandemic forced every company to rethink its online customer experience. Many organizations that rushed to enhance their online customer experience at the start of the pandemic are finding that whatever they built isn’t working how they’d hoped or can’t scale up. That’s creating opportunities for us,” he added. “While the slowdown is impacting tech companies, our customers are larger customer-facing orgs like travel, hospitality and entertainment organizations that are still growing strong because of pent-up demand from everyone being stuck inside during the pandemic.”
In the next 12 months, Strivacity plans to nearly double its workforce from 40 employees to around 70.